CVE-2017-2826
Published: 9 April 2018
An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.
Priority
Status
Package | Release | Status |
---|---|---|
zabbix | impish | Not vulnerable |
zabbix | groovy | Not vulnerable |
zabbix | hirsute | Not vulnerable |
zabbix | jammy | Not vulnerable |
zabbix | kinetic | Not vulnerable |
zabbix | lunar | Not vulnerable |
zabbix | artful | Ignored (end of life) |
zabbix | bionic | Not vulnerable |
zabbix | cosmic | Not vulnerable |
zabbix | disco | Not vulnerable |
zabbix | eoan | Not vulnerable |
zabbix | focal | Not vulnerable |
zabbix | trusty | Needed |
zabbix | upstream | Released (2.0.21rc1, 2.2.18rc1, 3.0.9rc1, 3.2.5rc1, 3.4.0alpha1) |
zabbix | xenial | Needed |
zabbix | mantic | Not vulnerable |

Patches:
upstream: https://github.com/zabbix/zabbix/commit/587baa641808bf3a5d391934853c4572d1a9e9d7
upstream: https://github.com/zabbix/zabbix/commit/044f00a956077ba7246ce0761b13b0341c937232

Severity score breakdown
Parameter | Value |
---|---|
Base score | 3.7 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |